



United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO.: 09/614,087
FILING DATE: 07/11/2000
FIRST NAMED INVENTOR: Robert C. Leah
ATTORNEY DOCKET NO.: RSW9-2000-0074-US1
CONFIRMATION NO.: 1360



7590 07/12/2004 

Gregory M Doudnikoff 
IBM Corporation T8 1/062 
PO Box 12195

Research Triangle Park, NC 27709 



EXAMINER: TRAN, TONGOC
ART UNIT: 2134
PAPER NUMBER:

DATE MAILED: 07/12/2004 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 




Office Action Summary

Application No.: 09/614,087
Applicant(s): LEAH ET AL.
Examiner: Tongoc Tran
Art Unit: 2134





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 05 May 2004.

2a) ☒ This action is FINAL. 2b) ☐ This action is non-final.

3) ☐ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-46 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) ☐ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-46 is/are rejected.

7) ☐ Claim(s) is/are objected to.

8) ☐ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) ☐ The specification is objected to by the Examiner.

10) ☒ The drawing(s) filed on 05 May 2004 is/are: a) ☒ accepted or b) ☐ objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) ☐ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) ☐ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) ☐ All b) ☐ Some * c) ☐ None of:

1. Certified copies of the priority documents have been received.

2. ☐ Certified copies of the priority documents have been received in Application No. .

3. ☐ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) ☒ Notice of References Cited (PTO-892)

2) ☐ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) ☐ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
Paper No(s)/Mail Date .

4) ☐ Interview Summary (PTO-413)
Paper No(s)/Mail Date. .

5) ☐ Notice of Informal Patent Application (PTO-152)

6) ☐ Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 6 



Application/Control Number: 09/614,087

Art Unit: 2134 

DETAILED ACTION 

1. This office action is in response to applicant's amendment filed on
5/5/2004. Claims 1, 18, 22, 39 and 43 have been amended. Claims 44-46 are
added. Claims 1-46 are pending.

Response to Arguments 

2. In response to Applicant's remark on independent claims 1, 22 and 43:
Applicant contends that Blakley teaches "propagating already stored information"
whereas "applicant's claims are directed toward propagating an identifying secret
that has been transmitted from the client" (applicant's remark on pages 20-21).
Blakley discloses that a user must be authenticated before accessing the DCE
environment (col. 2, lines 34-45), that users are communicated to the
security server (PSA) (Fig. 3A), and that the security server encompasses the DCE
registry (master registry) (col. 2, lines 55-67). Furthermore, Blakley teaches that most
registries store encrypted passwords (e.g. col. 2, lines 60-61, col. 3, lines 11-15
and 60-65). Therefore, it suggests that the propagated plaintext passwords
taught by Blakley are transmitted from the client.

Applicant's arguments with respect to dependent claims 18 and 39 have 
been considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

3. Claims 44-46 are objected to because of the following informalities: 
The terms "fro" recited in the claims appear to be typographical errors.
Appropriate correction is required.



Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1, 22 and 43 are rejected under 35 U.S.C. 112, second paragraph,
as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

The preamble of claims 1, 22 and 43 recite "propagating security
credentials from a trusted authenticating domain". However, the amended
portion of the claims recite "propagating the identifying secret of the user directly
from the PSA". The preamble suggests the domain is propagating (updating) the
identifying secret of the user whereas the amended step suggests the PSA is
performing the function of updating the user's secret identifying information.



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States.

Claims 1-17, 19-38 and 40-46 are rejected under 35 U.S.C. 102(b) as
being anticipated by Blakley, III et al. (U.S. Patent No. 5,862,323, hereinafter
Blakley).

In respect to claim 1, Blakley discloses a computing environment having a
connection to a network, a computer program product for securely propagating 
security credentials using a trusted authenticating domain, the computer program 
product embodied on one or more computer-readable media and comprising: 

computer-readable program code means for establishing a secure 
connection between a client and a password synchronization agent (PSA) (see 
col. 3, lines 35-46); 

computer-readable program code means for transmitting an identifier of a user
and an identifying secret of the user from the client to the PSA over the secure connection
(see col. 2, lines 45 and col. 3, lines 35-46);

computer-readable program code means for validating the user with the 
trusted authenticating domain using the transmitted user identifier and identifying 
secret, on request of the PSA (see col. 2, line 26-57); 

computer-readable program code means for propagating the identifying 
secret of the user directly from the PSA to a master registry if the validation 
succeeds (see Fig. 3A, col. 2, lines 24-col. 3, lines 20 and col. 6, lines 40-60 and
col. 7, lines 7-33).

In respect to claim 2, Blakley discloses the computer program product 
according to Claim 1, further comprising:

computer-readable program code means for establishing a second secure
connection between the PSA and the trusted authenticating domain; and 

computer-readable program code means for using the second secure 
connection for the validating of the user (see col. 6, lines 22-34). 

In respect to claim 3, Blakley discloses the computer program product 
according to Claim 1, further comprising:

computer-readable program code means for establishing a third secure 
connection between the PSA and the master registry (see col. 6, lines 22-34); 
and 

computer-readable program code means for using the third secure 
connection for the propagating of the identifying secret to the master registry (see 
col. 11 lines 27-31). 

In respect to claim 4, Blakley discloses the computer program product 
according to Claim 1, further comprising computer readable program code
means for propagating the identifying secret to one or more other target registries 
if the validation succeeds (see col. 8, lines 34-44). 

In respect to claim 5, Blakley discloses the computer program product 
according to Claim 4, further comprising: 

computer-readable program code means for establishing additional secure 
connections between the PSA and each of the other target registries (see col. 8, 
lines 34-44); and

computer-readable program code means for using the additional secure
connections for the propagating of the identifying secret to the other target 
registries (see col. 8, lines 34-44). 

In respect to claim 6, Blakley discloses the computer program product
according to Claim 1 1 . further comprising: 

computer-readable program code means for obtaining an identification of 
the trusted authenticating domain from the user (see col. 5, line 49-col. 6, line 2); 
and 

computer-readable program code means for verifying that the trusted 
authenticating domain is trusted by the master registry as a prerequisite to the 
propagating (see col. 3, line 54-60, col. 6, lines 40-60). 

In respect to claim 7, Blakley discloses the computer program product 
according to Claim 1, further comprising:

computer-readable program code means for obtaining an identification of 
the trusted authenticating domain from the master registry (see col. 6, lines 40- 
60).

In respect to claim 8, Blakley discloses the computer program product 
according to Claim 6, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for verifying that the 
trusted authenticating domain is trusted further comprises computer-readable 
program code means for checking whether the stored trust policy information for 
the user includes the identification obtained from the user (see col. 3, lines 54-60, 
col. 5, line 49-col. 6, line 2 and col. 6, lines 40-60).

In respect to claim 9, Blakley discloses the computer program product
according to Claim 5, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for verifying that the 
trusted authenticating domain is trusted further comprises computer-readable 
program code means for checking whether the stored trust policy information for 
a user group of which the user is a member includes the identification obtained 
from the user (see col. 6, lines 40-60). 

In respect to claim 10, Blakley discloses the computer program product 
according to Claim 7, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for obtaining the 
identification of the trusted authenticating domain from the master registry further 
comprises: 

computer-readable program code means for obtaining the identification 
using the stored trust policy information for the user (see col. 3, lines 54-60, col. 
6, lines 40-60). 

In respect to claim 11, Blakley discloses the computer program product
according to Claim 7, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for obtaining the 
identification of the trusted authenticating domain from the master registry further 
comprises computer-readable program code means for obtaining the 
identification using the stored trust policy information for a user group of which 
the user is a member (see col. 6, lines 40-60).

In respect to claim 12, Blakley discloses the computer program product
according to Claim 4, wherein the master registry stores password 
synchronization policy information, and wherein the computer-readable program 
code means for propagating the identifying secret to the one or more other target 
registries further comprises computer-readable program code means for 
identifying the one or more other target registries using the stored password 
synchronization policy information for the user (see col. 8, lines 34-44). 

In respect to claim 13, Blakley discloses the computer program product 
according to Claim 4, wherein the master registry stores password
synchronization policy information, and wherein the computer-readable program 
code means for propagating the identifying secret to the one or more other target 
registries further comprises computer-readable program code means for 
identifying the one or more other target registries using the stored password 
synchronization policy information for a user group of which the user is a member 
(see col. 7, lines 24-50). 

In respect to claim 14, Blakley discloses the computer program product 
according to Claim 1, wherein the computer-readable program code means for
establishing the secure connection further comprises computer-readable 
program code means for authenticating the PSA to the client (see col. 2, lines 34- 
45). 

In respect to claim 15, Blakley discloses the computer program product 
according to Claim 2, wherein the computer-readable program code means for 
establishing the second secure connection further comprises computer readable
program code means for authenticating the trusted authenticating domain to the
PSA (see col. 2, lines 34-45). 

In respect to claim 16, Blakley discloses the computer program product 
according to Claim 3, wherein the computer-readable program code means for 
establishing the third secure connection further comprises computer readable 
program code means for authenticating the master registry to the PSA (see col. 
2, lines 34-45). 

In respect to claim 17, Blakley discloses the computer program product 
according to Claim 5, wherein the computer-readable program code means for 
establishing additional secure connections further comprises computer readable 
program code means for authenticating the other target registries to the PSA 
(see col. 8, lines 34-44).

In respect to claim 19, Blakley discloses the computer program product 
according to Claim 1, wherein the computer-readable program code means for 
validating further comprises computer-readable program code means for 
invoking an authenticated LDAP bind or other native authentication mechanism 
of the trusted authenticating domain, wherein the identifier of the user and the 
identifying secret of the user are passed to the trusted authenticating domain, 
thereby causing the trusted authenticating domain to validate the passed 
identifier and identifying secret and return a result which reports a success or 
failure of the validation (see col. 7, line 52-col. 8, line 4).

In respect to claim 20, Blakley discloses the computer program product
according to Claim 1, wherein the PSA has administrative authority for
performing operations at the master registry (see col. 11, lines 27-31).

In respect to claim 21, Blakley discloses the computer program product 
according to Claim 4, wherein the PSA has administrative authority for 
performing operations at the one or more other target registries (see col. 3, lines 
35-53). 

In respect to claims 22-38 and 40-42, the claim limitations are system 
claims that are substantially similar to computer readable medium claims 1-17 
and 19-21. Therefore, claims 22-38 and 40-42 are rejected based on the similar
rationale. 

In respect to claim 43, the claim limitation is a method claim that is 
substantially similar to computer readable medium claim 1. Therefore, claim 43 
is rejected based on the similar rationale. 

In respect to claim 44, Blakley discloses the computer program product 
according to claim 1, further comprising: 

Computer-readable program code means for obtaining a new value from 
the user to be used as the propagated identifying secret if the validation 
succeeds (see col. 2, lines 15-54 and col. 7, lines 5-34); and 

Computer-readable program code means for substituting this new value 
for the identifying secret prior to operation of the computer-readable program 
code means for propagating (see col. 7, line 52-col. 8, line 4).

In respect to claims 45-46, the claim limitations are system and method
claims that are substantially similar to computer-readable program code means
of claim 1. Therefore, claims 45-46 are rejected based on the similar rationale.



Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 18 and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Blakley (U.S. Patent No. 5,862,323) in view of Huynh et al. 
(U.S. Patent No. 6,240,184). 

In respect to claim 18 and 39, Blakley discloses the computer program 
product according to Claim 1, wherein the computer-readable program code 
means for validating further comprises: 

computer-readable program code means for performing a security function 
on the identifying secret of the user, wherein the security function comprises one 
of (i) a one-way hashing algorithm or (ii) an encryption algorithm (see col. 3, lines 
9-19); 

computer-readable program code means for using the user identifier to 
locate a previously-stored identifying secret of the user which was stored by the 
master registry; and computer-readable program code means for comparing the
located identifying secret to a result of performing the security function (see col.
2, lines 34-45). 

Blakley does not disclose but Huynh discloses means for concluding that 
the validation succeeds if the located identified secret is identical to a result of 
performing the security function (Huynh, col. 1, lines 14-54 and col. 2, lines 27- 
45). Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to incorporate the teaching of Blakley's 
propagating plaintext password with the teaching of Huynh's propagating 
encrypted password after validating of encrypted password succeeds so that 
attacker who gains access to the encrypted password can not readily discern the 
password (Huynh, col. 1, lines 34-37).



Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire
THREE MONTHS from the mailing date of this action. In the event a first reply is
filed within TWO MONTHS of the mailing date of this final action and the advisory
action is not mailed until after the end of the THREE-MONTH shortened statutory
period, then the shortened statutory period will expire on the date the advisory
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be
calculated from the mailing date of the advisory action. In no event, however, will
the statutory period for reply expire later than SIX MONTHS from the date of this
final action.

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Tongoc Tran whose telephone number is 
(703) 305-7690. The examiner can normally be reached on 8:30-5:00 M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory A. Morse can be reached on (703) 308-4789. 
The fax phone number for the organization where this application or proceeding 
is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).